Top tech sites hurt by false Google malware warning

Update: After Vator was tagged as a "suspicious site" due to a false malware alert on iSocket's ads, Google has graciously lifted the warning. But it still shows up in Google's search results, so... : /

If you’ve visited Vator at all in the last couple of hours from a Chrome browser, you’ve probably seen a scary malware warning featuring a very suspicious-looking bank robber illustration. Google has since lifted the malware warning, but not before it affected the home pages of a wide swath of sites, including TechCrunch and Cult of Mac.

The problem was the result of a false malware positive that Chrome picked up on ads in iSocket’s ad network, which means that any site hosting iSocket ads could have been affected. ISocket is a direct sales network that allows publishers to manage their own in-house, self-service, and programmatic direct ad sales. It so happens that a number of high profile tech sites are listed as publishers on iSocket’s BuyAds.com site, which allows publishers to accept direct orders for ads. Vator, TechCrunch and Cult of Mac are there, along with Mashable, VentureBeat, I Can Has Cheezburger, Gawker, and GigaOM, among others.

Chrome was the first to issue the alert, but later, users were also getting the alert from Explorer and Firefox as well.

"Google provides their malware detection as a civil service to the Web, so it affects Chrome users first, but then Firefox and Safari eventually get hit too because those browsers use Google’s data/alerts," said iSocket founder and CEO John Ramey. "Basically, Big Brother has a giant gavel on the internet, and little to no way to quickly correct themselves when they make a mistake."

When you go to Google’s diagnostic page, everything checks out:

“Of the 81 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-14, and suspicious content was never found on this site within the past 90 days.”

Google also notes that, “Over the past 90 days, vator.tv/news did not appear to function as an intermediary for the infection of any sites.”

So it was a false alarm. But what about the affected sites? For a site getting one million pageviews a month, that’s some 33,000 pageviews a day. If the malware warning persists for an hour, that’s some 1,400 pageviews lost.

“Google has this mechanism that can literally cripple businesses, yet it’s riddled with conflicting information (e.g. ‘isocket has 0 reports of malware. But it’s suspicious.’) and there is zero ability to quickly address or resolve either real issues or false positives,” said Ramey.

Ramey explained that there are a number of ways in which Google could mistakenly flag something as malicious. For example, ad serving tags are often daisy chained, so Google might detect a problem with one ad network and apply it to other ad networks upstream for the sake of being cautious.

“This is a giant punch in the gut for us as a company,” said Ramey. “We exist to make customers happy and advertising suck less, and it’s incredibly frustrating when something out of your hands happens and affects your customers – then Google makes it very difficult to remedy.”